CVE-2016-5198
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
V8 en Google Chrome anterior a 54.0.2840.90 para Linux y 54.0.2840.85 para Android y 54.0.2840.87 para Windows y Mac incluyeron asunciones de optimización incorrectas, lo que permitió a un atacante remoto realizar operaciones de lectura/escritura arbitrarias, conduciendo a la ejecución de código, a través de una página HTML manipulada.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-05-31 CVE Reserved
- 2016-11-08 CVE Published
- 2022-06-08 Exploited in Wild
- 2022-06-22 KEV Due Date
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-12-17 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94079 | Broken Link | |
http://www.securitytracker.com/id/1037224 | Broken Link |
URL | Date | SRC |
---|---|---|
https://crbug.com/659475 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-2672.html | 2024-06-28 | |
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html | 2024-06-28 | |
https://access.redhat.com/security/cve/CVE-2016-5198 | 2016-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1391356 | 2016-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 54.0.2840.90 Search vendor "Google" for product "Chrome" and version " < 54.0.2840.90" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 54.0.2840.85 Search vendor "Google" for product "Chrome" and version " < 54.0.2840.85" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 54.0.2840.87 Search vendor "Google" for product "Chrome" and version " < 54.0.2840.87" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 54.0.2840.87 Search vendor "Google" for product "Chrome" and version " < 54.0.2840.87" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
|